Privacy Notice


We collect and process personal data relating to our job applicants to help us manage the recruitment process. We are committed to being transparent about how we collect and use that data and to meet our data protection obligations. 

We recognise the need to treat your personal data in an appropriate manner in accordance with the General Data Protection Regulations 2018 (GDPR). The purpose of this notice is to make you aware of how we will handle your personal data (“Data”).

Data refers to the information that we hold about you from which either on its own or in combination with other information you can be identified and may include names, contact details, photographs, identification numbers, online identifiers, biometric information and expressions of opinion about you or indications as to our intentions about you. A list of the data we collect is set out below.

"Processing" means doing anything with your Data, such as collecting, recording or holding the Data as well as disclosing, destroying or using the Data in any way.

We will be processing your Data under the General Data Protection Regulations (GDPR) from 25 May 2018.

This notice does not form part of your contract of employment and we may amend it at any time. You can obtain a current version here.

Why does the University process personal data?

We need to process your personal data to take steps, at your request to apply for a job at the University, to complete the Recruitment process. 

In some cases, we need to process your personal data to ensure that we are complying with our legal obligations. For example, we are required to check a successful applicant's eligibility to work in the UK before employment starts.

The University also has a legitimate interest in processing your personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate's suitability for employment and decide who to offer a job. We may also need to process data from job applicants to respond to and defend against legal claims.

We will use the personal information we collect about you to:

  • Assess your skills, qualifications, and suitability for the role
  • Carry out background and reference checks, where applicable
  • Communicate with you about the recruitment process
  • Keep records related to our hiring processes
  • Comply with legal or regulatory requirements 

It is in our legitimate interests to use the data you have provided to help us decide whether it is appropriate and beneficial to the University to appoint you to the role and whether to enter into a contract of employment with you. 

Having received your application form and supporting material and any additional information obtained via our recruitment and selection processes, we will process that information to decide whether you meet the basic requirements to be shortlisted for the role. If you do, we will decide whether your application is strong enough to invite you for an interview. If we decide to call you for an interview, we will use the information you provide to us at the interview to decide whether to offer you the role. If we decide to offer you the role, we will then take up references and carry out a criminal record check (if relevant to the role you have applied for) and carry out other checks (if relevant to the role) before confirming your appointment.

Information about criminal convictions

We are entitled to carry out a criminal records check in order to satisfy ourselves that there is nothing in your criminal convictions history which makes you unsuitable for the role you have applied for.

We will only collect information about your criminal convictions history if entitled to do so, or required to do so by law.  We will only collect this information if we would like to offer you a role where your criminal convictions history is relevant to the role and subject to other checks and conditions, such as references, being satisfactory. 

How the University uses your Special Category Data 

Some special categories of personal data, such as information about health or medical conditions, is processed to carry out employment law obligations such as those in relation to reasonable adjustments to the recruitment process for candidates who have a disability. This is to carry out its obligations and exercise specific rights in relation to employment.

Where we process other special categories of personal data, such as information about ethnic origin, sexual orientation or religion or belief, this is done for the purposes of equal opportunities monitoring and to meet the requirements of Higher Education Statistics Agency (HESA) reporting. 

Processing for limited purposes

We will only process your data for the specific purpose or purposes that we tell you about or if specifically permitted under any privacy legislation and will only process your data to the extent necessary for that specific purpose or purposes. 

What information does the University collect?

We collect and process a range of information about you in order to complete the recruitment process. This includes:

  • Biographical information about you, including your name, address and contact details, including email address and telephone number, date of birth and gender
  • Details of your qualifications, skills, experience and employment history, including start and end dates, with previous employers and with the University
  • Details of your bank account and national insurance number
  • Information about your next of kin, dependants and emergency contacts
  • Information about your nationality and entitlement to work in the UK
  • Information about your criminal record, if relevant to the job you are applying for
  • Details of periods of leave taken by you, including holiday, sickness absence, family leave and sabbaticals, and the reasons for the leave
  • Assessments of your performance, including appraisals, performance reviews and ratings, performance improvement plans and related correspondence
  • Information about medical or health conditions, including whether or not you have a disability for which the organisation needs to make reasonable adjustments
  • Equal opportunities monitoring information including information about your ethnic origin, sexual orientation and religion or belief.

What if you do not provide your personal data?

You are under no statutory or contractual obligation to provide data to us during the recruitment process.  However, if you choose not provide the information, we may not be able to process your application properly or at all.

You are under no obligation to provide information for equal opportunities monitoring purposes and there are no consequences for your application if you choose not to provide such information.

Legal basis for processing

As part of the recruitment exercise we usually only process your personal data where we have your consent or where we need to process it to comply with our legal obligations. However, it may also be necessary for us to process your Data for the protection of your vital interests, for our legitimate interests or the legitimate interests of others. 

How will your personal data be collected?

We may collect this information in a variety of ways. 

For example, data might be collected directly from you (through application forms, CVs or resumes); obtained from your passport or other identity documents such as your driving licence; from forms completed by you at the start of or during employment (such as benefit nomination forms); from correspondence with you; or through interviews, meetings or other assessments. 

We may also collect personal data about you from third parties, such as references supplied by former employers (nominated by you), UK Visa and Immigration, information from employment background check providers and information from criminal records checks.

We will usually only seek information from third parties once a job offer to you has been made and will inform you that we are doing so.If you are applying for an academic role, we may seek references from your referees before a job offer is made to you.

We will always look to ensure that any third party has the lawful authority to share this Data with us.

We may review publicly available information about you, including your social media presence, if such a review is relevant to the role you are applying for and it is in our legitimate interests to do so.   We also recognise your right to privacy over that information and your right to object to our processing that publicly available information for our own purposes.


Cookies may be used by us to collect data for the purposes of managing and improving the services on the University Network, establishing your browsing actions and patterns and preparing customised pages. You can refuse cookies, however, if you do refuse cookies you may be unable to access certain parts of the University Network. For more information about cookies on our websites, please see:

We also collect Data relating to the demographics and interests of our users by using Google Analytics and cookies set by Google advertising networks. This Data is used in aggregated form to help improve the site and our marketing efforts. Further information and instructions for opting out of Google Analytics tracking are available at:

Where will your personal data be stored?

Your personal data will be stored in a range of different places, including in the eRecruit system, the University’s HR management systems and in other IT systems (including the University's email system).

Holding and retaining your data

We create and hold your personal data both electronically and on paper throughout the recruitment process. We will only hold your Data as long as is necessary for the purpose or purposes that we have collected it.

Any unsuccessful applications will be held within the eRecruit system for a period of up to one year before being deleted in order that you can access and re-use data in future applications and we can respond to statutory reporting requests. Successful applicant data will be transferred to our HR systems and deleted seven years after you leave employment with the University of Southampton.

You can obtain full details of our retention schedule here.

Who has access to your personal data?

Your information will be shared internally for the purposes of the recruitment exercise. This includes members of the HR and recruitment team, interviewers/managers involved in the recruitment process, managers (and their nominated delegates) in the business area with a vacancy and IT staff if access to the data is necessary for the performance of their roles.

We will not share your data with third parties, unless your application for employment is successful and we make you an offer of employment. We will then share your data with former employers to obtain references for you, employment background check providers to obtain necessary background checks (if relevant to the role) and the Disclosure and Barring Service to obtain necessary criminal records checks (if relevant to the role).  Please note that references for academic posts may be sought prior to a job offer.

Your data may be transferred outside the European Economic Area (EEA) should you apply for a role that is based in another country. Data is transferred outside the EEA on the basis of your application for a job at one or more of the University’s international establishments and/or our compliance with our legal obligations (both UK and locally to the establishment you have applied to work at) as well as our obligations under the contract of employment we enter into with you.

We may have to disclose your Data if required to do so by law in order to comply with a legal obligation, to protect our rights, interests or property and those of others, act in urgent circumstances to protect the personal safety of our staff, students and the public or to protect us against any legal liability. 

How do we protect your personal data?

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

Our staff have a legal duty to keep Data about you confidential. There are strict codes of conduct in place to keep your Data safe. Staff abide by the General Data Protection Regulations 2018 and the University Data Protection Policy.

We endeavour to ensure that suitable organisational and technical measures are in place to prevent the unlawful or unauthorised processing of your Data and against the accidental loss of or damage to your Data. This includes:

  • Storing Data on an appropriately secure system.
  • Training all our staff in their data protection responsibilities.
  • Working with reputable companies for data processing services who are data protection compliant and who enter into appropriate data sharing agreements.  
  • Ensuring that appropriate protection is in place when we work with trusted organisations based outside the European Economic Area (EEA).

Automated decision making and profiling

None of the personal data collected about you will be used as part of any automated decision making or to build a profile of you as part of the recruitment exercise.

If you have any concerns or queries about the decision making process please contact us by email

Your rights

You have a number of rights. You can:

  • access and obtain a copy of your data on request;
  • require us to change incorrect or incomplete data;
  • require us to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
  • object to the processing of your data where we are relying on our legitimate interests as the legal ground for processing; and
  • ask us to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the organisation's legitimate grounds for processing data.

If you would like to exercise any of these rights, please contact us at:

Alternatively, you can exercise any of the rights described above relating to your data via: ServiceNow: or in writing to:

The Data Protection Officer

Legal Services

University of Southampton, Highfield

Southampton, SO171BJ

If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioner.

Right to withdraw consent

When you applied for this role, you provided consent to us processing your personal information for the purposes of the recruitment exercise. You have the right to withdraw your consent for processing for that purpose at any time. To withdraw your consent, please contact Once we have received notification that you have withdrawn your consent, we will no longer process your application and, subject to our retention schedule, we will dispose of your personal data securely.

How do you access your data?

Once you have submitted your application via e-Recruit you will not be able to change any of the application details, including your personal data. You do have control over your recruitment related data through your logon to the e-Recruit system and can change, update and delete as you wish for future job applications. In certain circumstances you can request your data for reuse for your own purposes across different services.  If you require any further assistance with this please contact:  

Accurate data

You can maintain the data we store about you yourself on the e-Recruit system to keep it accurate and up to date. Alternatively, if you are unable to self-serve, you can also contact us if your details change or if you feel that the Data we hold about you for recruitment purposes is inaccurate or incomplete at:

Unwanted communications

If at any stage you are concerned about the content of communications from the Human Resources Teams e.g. unwanted marketing information (i.e. job alerts) or you wish to change how we communicate with you please contact us at

Further information

We also have additional policies and guidelines concerning particular activities. If you would like further information please see our Publication Scheme at: If you are unhappy with the way that we have handled your data you can contact us at: contact the Information Commissioner’s Office. See their website at: University of Southampton is the Data Controller and our registration number with the Information Commissioner’s Office is Z6801020.

Login to your account


Forgotten your password?

Register for an account

Mindful Employer Disability Confident Leader HR Excellence In Research Stonewall Diversity Champion Athena Swan Silver Award - University of Southampton Committed to being an Inclusive Employer